Trader 855 | Strategy Room Privacy Policy

Privacy Policy (Trader855 Strategy Room) This Privacy Policy explains how personal data is collected and processed in connection with the Trader855 Strategy Room (the “Service”). By subscribing to the Service, you acknowledge and agree to the processing of your personal data as described below. 1. Data Controller The Data Controller is: Gabriele Lettera, c/o Lettera Holding S.r.l. Corso Galileo Ferraris 53, 10128 Torino (TO), Italy Email: gabriele.lettera@gmail.com PEC: gabriele.lettera@mypec.eu 2. Data We Collect We collect and process only the data necessary to provide and manage the Service, including: • Email address • Telegram username and/or Telegram ID • Subscription and payment status information • Billing details necessary for invoicing (e.g., country, VAT/business status, invoice data as required) Payment card details are processed securely by Stripe and are not stored or accessible by us. We may also collect limited technical data through Google Analytics (see Section 8). 3. Purposes of Processing We process personal data for the following purposes: • Creating and managing your subscription and access to the Strategy Room • Processing payments, renewals, and subscription lifecycle events • Providing essential service communications (e.g., access instructions, subscription status, important operational notices) • Issuing invoices and handling accounting/tax obligations where applicable • (If you opt in) sending newsletters or promotional communications 4. Legal Bases (GDPR) We process your personal data based on the following legal grounds: • Performance of a contract (Art. 6(1)(b) GDPR): to provide the Service and manage subscriptions via InviteMember/Telegram/Stripe • Legal obligation (Art. 6(1)(c) GDPR): for accounting, invoicing, and tax compliance • Consent (Art. 6(1)(a) GDPR): for future newsletters/marketing communications (where applicable). You can withdraw consent at any time. 5. Subscription and Pricing Information The Service is offered on a monthly subscription basis, currently €97 per month + VAT (if applicable). VAT application depends on applicable tax rules, including the customer’s status (consumer/business) and jurisdiction. 6. Payment Processing (Stripe) All payments are processed securely by Stripe. We do not collect or store your payment card credentials. Stripe acts as an independent data controller for payment processing according to its own privacy documentation. 7. Data Sharing and Recipients We do not sell or rent your personal data. We may share data only with service providers strictly necessary to deliver the Service, including: • Stripe (payment processing) • InviteMember (subscription access management) • Telegram (delivery of Service access and communications) • Google Analytics (website/app analytics, see Section 8) Where required, we use appropriate contractual safeguards with processors. 8. Analytics (Google Analytics) We use Google Analytics to understand usage patterns and improve the Service. Google Analytics may collect technical and usage information (e.g., device/browser data, pages visited, approximate location inferred from IP). Where required by law, we will request your consent for analytics cookies/technologies through a cookie banner or similar mechanism. 9. International Data Transfers Some providers (e.g., Stripe, Telegram, Google) may process data outside the European Economic Area (EEA). Where applicable, international transfers are protected by appropriate safeguards such as Standard Contractual Clauses (SCCs) or other lawful mechanisms. 10. Data Retention We retain personal data only for as long as necessary to provide the Service and comply with legal obligations: • Subscription/account data: retained for the duration of your subscription and for a limited period thereafter for operational needs and dispute handling • Invoicing/accounting data: retained for the period required by applicable accounting and tax laws • Newsletter consent records (if applicable): retained until you withdraw consent or as required to demonstrate compliance 11. Your Rights (GDPR) You have the right to request: • Access to your data • Correction of inaccurate data • Deletion of your data (where applicable) • Restriction of processing • Objection to processing (where applicable) • Data portability (where applicable) • Withdrawal of consent at any time (for marketing/newsletters) To exercise your rights, contact the Data Controller at the email/PEC listed in Section 1. 12. Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali. 13. Changes to This Policy We may update this Privacy Policy from time to time. Continued use of the Service after an update implies acceptance of the revised policy. Last updated: 02/02/2026