I. PRIVACY AND DATA PROTECTION POLICY

In compliance with current regulations, Sam Lewis Writer (hereinafter also the “Website”) undertakes to adopt the necessary technical and organizational measures, appropriate to the level of risk of the data collected, to guarantee the proper protection of users’ personal data.

Applicable Regulations

This Privacy Policy complies with the current European and Spanish regulations on the protection of personal data on the Internet, in particular:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).
• Organic Law 3/2018 of 5 December on Personal Data Protection and guarantee of digital rights (LOPDGDD).
• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

---

II. DATA CONTROLLER

The controller for the personal data collected on samlewiswriter.com is:

Name: Luis Chicharro
Tax ID (NIF): 48367553W
Postal address: C/ Capitán Alfonso Vives 111, 03013 Alicante, Spain
Contact email: contact@samlewiswriter.com

---

III. PERSONAL DATA RECORD

In compliance with the GDPR and LOPDGDD, users are informed that the personal data provided through the forms on this Website will be incorporated into processing systems under the responsibility of the owner, for the following purposes:

• To facilitate, expedite, and fulfil the commitments established between the Website and the user.
• To maintain any established relationship.
• To handle requests, inquiries, or communications received.

A record of processing activities is maintained in accordance with the provisions of the GDPR.

---

IV. PRINCIPLES APPLIED TO DATA PROCESSING

The processing of users’ personal data will always be governed by the following principles:

• Lawfulness, fairness and transparency: data will be processed lawfully, fairly and transparently.
• Purpose limitation: data will be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.
• Data minimisation: only data strictly necessary in relation to the purposes of the processing will be requested.
• Accuracy: data will be accurate and, where necessary, kept up to date.
• Storage limitation: data will be kept only for the time necessary for the purposes of the processing.
• Integrity and confidentiality: appropriate security of personal data will be ensured.
• Proactive accountability: the controller will implement appropriate technical and organisational measures to ensure and be able to demonstrate that processing is in compliance with the GDPR.

---

V. CATEGORIES OF PERSONAL DATA

Only basic identifying data are collected, specifically:

• Name (or pseudonym)
• Email address

In no case are special categories of personal data processed within the meaning of Article 9 of the GDPR (ethnic origin, political opinions, health data, etc.).

---

VI. LEGAL BASIS FOR PROCESSING

The legal basis legitimising the processing of users’ personal data is their explicit consent, given when:

• subscribing to the newsletter,
• downloading free content,
• or contacting through the enabled forms.

The user may withdraw their consent at any time, with the same ease with which it was given, without affecting the lawfulness of processing based on consent prior to its withdrawal.

---

VII. PURPOSE OF PROCESSING

The personal data provided by the user will be used exclusively for:

• Sending the free stories and content requested.
• Sending the newsletter (periodic or weekly) and occasional communications about new publications, updates or related content.
• Responding to user messages, inquiries or communications.
• Improving the Website and the reading experience, in a general and aggregated manner.

Occasionally, data may be used for anonymised statistical purposes, without any possibility of personally identifying the user.

---

VIII. DATA RETENTION PERIOD

Data will be retained only for the time strictly necessary for the described purposes. In practice:

• Newsletter subscribers: until the user unsubscribes or prolonged inactivity is detected (e.g., more than 18 months without opening any email).
• After unsubscribe or deletion request, data will be deleted or anonymised within a reasonable period.

---

IX. DATA RECIPIENTS

Users’ personal data will not be sold, rented or transferred to third parties for commercial purposes.

Only the following may access the data:

• Trusted service providers, acting as data processors, such as:
• Email delivery platforms (e.g., Brevo or similar providers).
• Web hosting services.
• Payment gateways or book sales platforms when paid products are enabled.

All of them will act under data processing agreements in accordance with the GDPR.

• Competent public authorities, in the event of a legal requirement.

---

X. INTERNATIONAL DATA TRANSFERS

Some of the aforementioned providers (e.g., email marketing or hosting services) may store data outside the European Economic Area (EEA).

In such cases, only companies that:

• have an adequacy decision from the European Commission, or
• have signed Standard Contractual Clauses or offer sufficient guarantees in accordance with European data protection regulations

will be used.

---

XI. MINORS

This Website and the content offered are directed exclusively to adults.

Persons under 18 years of age must not provide personal data through the site without the prior consent of their parents or legal guardians. If data from minors is received without such authorisation, it will be deleted.

---

XII. DATA SECURITY

The Website has an SSL certificate and appropriate technical and organisational measures are applied according to the level of risk to protect personal data against loss, misuse, alteration or unauthorised access.

However, the user must be aware that no Internet transmission or storage system is 100% secure.

In the event of a security breach that poses a high risk to the rights and freedoms of users, they will be notified without undue delay, as well as the competent supervisory authority, as established in the GDPR.

---

XIII. USER RIGHTS

The user has the right to:

• Access their personal data.
• Rectify inaccurate or incomplete data.
• Request deletion of their data (“right to be forgotten”) when, among other reasons, they are no longer necessary for the purposes for which they were collected.
• Request restriction of processing of their data in certain cases.
• Object to the processing of their data.
• Request portability of their data, where technically feasible.
• Not be subject to automated individualised decisions, including profiling.

To exercise any of these rights, the user may send an email to:

contact@samlewiswriter.com
Subject:
“GDPR – samlewiswriter.com”

The request will be responded to within a maximum period of one month, extendable in complex cases in accordance with the regulations.

Likewise, the user has the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) if they consider that the processing of their personal data infringes the regulations.

---

XIV. THIRD-PARTY LINKS

The Website may contain links to other external websites. The owner is not responsible for the privacy practices of such sites; users are advised to review the corresponding privacy policies before providing personal data on them.

---

XV. CHANGES TO THIS PRIVACY POLICY

The owner may update or modify this Privacy Policy at any time.

The current version will always be available on this same page. Users’ rights regarding data protection will not be reduced without their explicit consent when necessary.

Last updated: November 28, 2025